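/**
 * Validate a password-reset request for $email that carries the plaintext $token.
 *
 * Malformed input returns a short message string. A missing or expired reset
 * record terminates the request with a message (pre-existing behaviour, kept).
 * Only a record whose stored hash matches $token is returned; on a mismatch a
 * message is returned instead of the record.
 *
 * @param string $email
 * @param string $token the plaintext reset token, 32 hexadecimal characters
 * @return array|string the matching reset record, or an error message
 */
public function validatePasswordResetRequest($email, $token)
{
    Auth::restrictAccess('anonymous');
    $passwordResets = new PasswordResets();

    // This needs to go into base functions and return some kind of json message
    if (!v::email()->validate($email)) {
        return 'email dont comply';
    }
    if (!v::xdigit()->length(32, 32)->validate($token)) {
        return 'token dont comply';
    }

    $passwordReset = $passwordResets->show($email);

    // Not going to reveal whether the user account was found...
    if (empty($passwordReset['token']) || empty($passwordReset['created'])) {
        echo 'password reset request not found. forward. please submit a password reset request first';
        die;
    }

    // Expiry is measured in whole seconds against the stored timestamp. The
    // previous minute-rounding plus intval() accepted requests up to ~61 min old.
    // An unparseable 'created' value (strtotime() === false) counts as expired.
    $created = strtotime($passwordReset['created']);
    $now = time();
    if ($created === false || ($now - $created) > 60 * 60) {
        echo 'password reset has expired. 60 minutes max. submit another reset request';
        die;
    }

    // The stored value is a password_hash() of the token; password_verify()
    // does the constant-time comparison. A mismatch must not hand the record
    // back to the caller (the original returned it unconditionally).
    if (!password_verify($token, $passwordReset['token'])) {
        return 'token dont comply';
    }

    // probably shouldnt disclose this. just send json success
    echo 'password matches. proceed to reset.';

    return $passwordReset;
}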
/**
 * Check that $value consists solely of hexadecimal digits.
 * Logs a warning and returns false when it does not.
 * @param string $value
 * @return boolean
 */
public function validXdigit($value)
{
    $isHex = v::xdigit()->validate($value);
    if ($isHex) {
        return true;
    }

    Factory::log()->warn('Valor deve possuir apenas caracteres hexadecimal');

    return false;
}